Legal Risk
Part Of
Reduced By Practices
- Contracts: A well-written contract establishes the terms under which software is provided or used.
- Training: Sometimes, training is required to demonstrate that an organisation complies with certain legal obligations.
Attendant To Practices
- Fundraising: Raising capital invariably involves signing of and adherence to contracts.
- Outsourcing: Outsourcing relationships may be more legally complex than hiring staff directly.
- Release: Publishing or releasing code may involve licensing, Intellectual Property, Liability or other legal compliance.
Software and software services are an increasingly important part of the modern world. As the Security Risk article shows, software has become a critical dependency in how the modern world functions, irrespective of whether that software is provided via open source or commercial avenues.
Jurisdictions around the world are working hard to strengthen their laws guarding against the negative externalities caused by software - whether through increased security requirements, supply chain regulations or data controls.
If you are building software, you need to account for the Legal Risks around that activity.
Worked Example
An online gaming firm is considering adding forum features, where players can discuss tactics and events related to their game and upload images and videos that they've created related to the game.
But as the above diagram shows, mitigating these Feature Fit Risks naively exposes the firm to Legal Risks. For example:
- One of the players uploads copyrighted media. The copyright holder may then file a DMCA takedown notice to have it removed.
- Content might be uploaded that breaks privacy laws, e.g. the General Data Protection Regulation (GDPR).
- Harmful or illegal content such as hate speech may be uploaded.
In addition, as laws differ across jurisdictions, the firm may have to deal with cases where content is legal in one area but illegal in another. To mitigate some of these legal risks, the firm may have to extend its Terms of Service, set up DMCA takedown processes or employ content moderators.
Example Threats
1. Intellectual Property Rights
Threat: Copyrights, patents and trademarks apply when distributing software.
2. Licensing
Threat: Many of the dependencies you rely on to build software will be licensed (whether open source or otherwise), and it's important to manage these licenses. One common issue in this area is copyleft: the requirement to distribute derivative works under the same license as the original.
3. Contracts
Threat: Entering into contracts (e.g. Terms of Service (ToS), Non-Disclosure Agreements (NDAs) or employment contracts; see Outsourcing and Delegation) is essential to running a business but involves Legal Risk.
4. Tax / Sales Laws
Threat: Having customers means dealing with accounting regulations and sales tax laws. This becomes more complex when customers are in different jurisdictions, where you'll need to consider handling foreign exchange, different legal regimes and cross-border obligations.
Google purchased Android, Inc. in 2005 for its Android mobile operating system and wanted to incorporate Java, a multi-platform language and runtime environment developed originally by Sun Microsystems. However, Google and Sun were unable to agree on the terms of a license. As a result, Google decided to implement its own version of Java, based partly on the open source implementations available at the time. The Android platform finally saw release in 2008 in the HTC Dream handset.
In 2010, Oracle acquired Sun and decided to sue Google for copyright and patent infringement, asking for several billion in damages. The court case hinged on whether Google's copying of the Java APIs constituted fair use: were the functional designs of APIs copyrightable or not? Over the next 10 years, the case went through the various layers of the US court system, with the verdict reversed at each stage. Eventually, in 2021, the US Supreme Court sided with Google, deciding that its use of the Java APIs was fair.
A key take-away from this is that legal decisions are not clear-cut and getting into legal battles is a long, drawn-out process. In retrospect, Google would have been better off working through its licensing issues with Sun or collaborating on the nascent OpenJDK project instead of ploughing its own furrow.